Remote code execution

A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...

S-CMS 输入验证错误漏洞

S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. a remote code execution vulnerability exists in /1.com.php in S-CMS version 3.0 PHP version. An attacker can exploit the vulnerability by modifying PHP files to get ...

Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit

Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aruba Instant 8.5.x:...

Aruba Instant 8.7.1.0 Arbitrary File Modification

Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...

Aruba Instant 8.7.1.0 - Arbitrary File Modification

Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...

Arbitrary file modification vulnerability in qimengcms

qimengcms is a content management system. An arbitrary file modification vulnerability exists in qimengcms, which can be exploited by an attacker to compromise the integrity of the system...

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...

BloofoxCms 跨站请求伪造漏洞

BloofoxCMS is a free open source PHP + MySQL based Web content management system . A cross-site request forgery vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using mode=settings&page=editor to change the content of arbitrary files...

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

Privilege escalation

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

MetInfo File Modification Vulnerability

MetInfo adopts PHP+Mysql architecture, it is a cms building system which is very friendly to SEO, fully functional, supports multi-language, responsive display, and extremely suitable for enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

Design/Logic Flaw

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability allowing attackers to delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. Root cause described across multiple sources as a vulnerability in MetInfo’s f...

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

CVE-2021-28798

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 202104...

CVE-2021-28798

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 202104...

Path traversal

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 202104...

QNAP NAS 安全漏洞

A security vulnerability exists in QNAP NAS that stems from a relative path traversal vulnerability that can be exploited by an attacker to modify files affecting the integrity of the system.QNAP has fixed this vulnerability in the following versions:QTS 4.5.2.1630 Build 20210406 and later QTS...